migg

Members
  • Content count

    66
  • Joined

  • Last visited

Everything posted by migg

  1. Hello, I should have the CD any day now. Many people have offered me a copy of the CD. Would that have been enough? It would have been much faster... See you, migg
  2. Hello, could I borrow someone else's without failing Microsoft authentication? (I thought a CD could only be used on one computer.) If so, I could surely find one. See you, migg
  3. Hello florinator, I did the procedure as you asked, but unfortunately I still get the same message when I try to go through the Start menu. However, after restarting, about ten shortcuts have disappeared from the desktop. Next step? See you, migg
  4. I tried, but without success. However, is it normal that after choosing default and clicking OK it doesn't offer me the option to apply? Next step? See you
  5. Bingo for My Computer!!! And now when I click on (e.g.) My Documents in the Start menu, I get: no program is associated with this file to perform this action. Create an association using the Folder Options application in the Control Panel. The only snag is that when I click on Control Panel I get the same message. In fact, if I go through the Start menu to get to My Computer I get the same thing, but if I go through my desktop it works. But there is progress. See you
  6. Sorry to be the bearer of bad news, but nothing new under the sun. I looked in regedit but shell is still a value not set... See you
  7. Hello again, I checked the key as you asked. However, it was shellex. I hope it's the right one. It shows (value not set) under the Data column. I hope that will be useful to you. See you, migg
  8. Hello, the small problem is that I don't have access to My Computer (when I click on it, it sends me straight to Computer Management). Going through the manager I can see it and access my folders and disks, but I can't get to My Computer. Would you have a little trick to access it? See you, migg
  9. Hi, is this OK? See you, migg
  10. Hi, unfortunately I can't open My Computer. I'm testing something... See you, migg
  11. Hello, after searching a bit I found out how to take my screenshot. I hope I did it right... so here it is: See you, migg
  12. Hello, a small stupid question, but how do I take a screenshot? See you
  13. Hello, command executed... but the problems persist. Next step?
  14. Hello, it tells me: the files required for Windows to run must be copied to the DLL cache folder. Insert your Windows XP Service Pack 3 CD. What should I do? migg
  15. Hello Florinator, the utility has been run. As for XP, I'm not sure. A burned CD came with the computer when I bought it (refurbished, in a store), but I never looked at what it contained. See you, mig
  16. Hello, the machine seems to be doing well. The antivirus is no longer going crazy. I'm running an update and a full scan to be more sure. However, 2 minor problems since then: 1) when I double-click My Computer, it takes me directly to Computer Management. No way to see my drives anymore. 2) when I go to the Start menu and click on an icon (My Music, My Documents, etc.), my documents don't open. Any suggestions? Otherwise everything seems spotless. A big thank you for your patience, migg
  17. You are already completely forgiven (you even have credit). Here is the report for iexplorer.exe: Once again, thank you, migg
  18. I find an iexpress.exe or an eplorer.exe. Would it be one of those? See you, migg
  19. Hello, here is my VirusTotal report for firefox.exe: However, I did not find C:\Windows\System32\iexplorer.exe. I'm still looking... See you, migg
  20. Hello Florinator, here is my VirusTotal report: A small silly question, but still: should I delete the two files detected by mbam? See you, migg
  21. Good evening, here is my mbam report: Thank you, migg
  22. Hi, I reinstalled and updated my antivir. Here is the report: Thanks, see you
  23. Hello, here is my ComboFix report. The only snag is that I had to uninstall my antivir, so just tell me when I can reinstall it. Otherwise everything went as indicated on the site.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" "NeroFilterCheck"=c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe "HotKeysCmds"=c:\windows\system32\hkcmd.exe "Persistence"=c:\windows\system32\igfxpers.exe "IgfxTray"=c:\windows\system32\igfxtray.exe "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\SoulseekNS\\slsk.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2008-07-28 17968] R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-08-09 14976] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-07-06 1051968] R2 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [2009-08-20 52888] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064] S3 jfdcd;jfdcd;\??\c:\docume~1\Client\LOCALS~1\Temp\jfdcd.sys --> c:\docume~1\Client\LOCALS~1\Temp\jfdcd.sys [?] S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2008-08-13 63024] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-03-19 717296] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . . 
------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.ca/ IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Client\Application Data\Mozilla\Firefox\Profiles\pf0etrk1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - plugin: c:\documents and settings\Client\Application Data\Mozilla\Firefox\Profiles\pf0etrk1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . 
- - - - ORPHELINS SUPPRIMES - - - - MSConfigStartUp-CanonSolutionMenu - c:\program files\Canon\SolutionMenu\CNSLMAIN.exe MSConfigStartUp-filehippo - c:\program files\filehippo.com\UpdateChecker.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-09-06 12:09 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(3748) c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\eappprxy.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\program files\Java\jre6\bin\jqs.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\program files\Raxco\PerfectDisk10\PDAgent.exe c:\windows\system32\IoctlSvc.exe c:\program files\Raxco\PerfectDisk10\PDEngine.exe c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . 
Heure de fin: 2010-09-06 12:14:17 - La machine a redémarré ComboFix-quarantined-files.txt 2010-09-06 16:14 Avant-CF: 25 838 039 040 octets libres Après-CF: 25 790 869 504 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect - - End Of File - - C66CA910D8F12770655F74EEDB1FAAAD encore un gros merci a+ migg
  24. Hello again, I think it's getting worse. I had to restart after the procedure. Afterwards my desktop had come back, but my antivirus keeps flagging the same Trojan horse over and over... Also, I can't find the OTM report. Strangely, now when I click on My Computer it sends me to Computer Management. Really sorry to give you so much trouble. See you, migg
  25. Hello again, I did what you asked. When I click End Process it gives me a warning. I click Yes and my desktop disappears. I type the command but it gives me the same message as earlier. I look and explorer is still running anyway... What's the diagnosis, doc?